
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>django.contrib.auth &#8212; Django 2.2.12.dev20200304094918 documentation</title>
    <link rel="stylesheet" href="../../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
    <script type="text/javascript" id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
    <script type="text/javascript" src="../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../_static/doctools.js"></script>
    <script type="text/javascript" src="../../_static/language_data.js"></script>
    <link rel="index" title="Index" href="../../genindex.html" />
    <link rel="search" title="Search" href="../../search.html" />
    <link rel="next" title="The contenttypes framework" href="contenttypes.html" />
    <link rel="prev" title="JavaScript customizations in the admin" href="admin/javascript.html" />



 
<script type="text/javascript" src="../../templatebuiltins.js"></script>
<script type="text/javascript">
(function($) {
    if (!django_template_builtins) {
       // templatebuiltins.js missing, do nothing.
       return;
    }
    $(document).ready(function() {
        // Hyperlink Django template tags and filters
        var base = "../templates/builtins.html";
        if (base == "#") {
            // Special case for builtins.html itself
            base = "";
        }
        // Tags are keywords, class '.k'
        $("div.highlight\\-html\\+django span.k").each(function(i, elem) {
             var tagname = $(elem).text();
             if ($.inArray(tagname, django_template_builtins.ttags) != -1) {
                 var fragment = tagname.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>");
             }
        });
        // Filters are functions, class '.nf'
        $("div.highlight\\-html\\+django span.nf").each(function(i, elem) {
             var filtername = $(elem).text();
             if ($.inArray(filtername, django_template_builtins.tfilters) != -1) {
                 var fragment = filtername.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>");
             }
        });
    });
})(jQuery);</script>

  </head><body>

    <div class="document">
  <div id="custom-doc" class="yui-t6">
    <div id="hd">
      <h1><a href="../../index.html">Django 2.2.12.dev20200304094918 documentation</a></h1>
      <div id="global-nav">
        <a title="Home page" href="../../index.html">Home</a>  |
        <a title="Table of contents" href="../../contents.html">Table of contents</a>  |
        <a title="Global index" href="../../genindex.html">Index</a>  |
        <a title="Module index" href="../../py-modindex.html">Modules</a>
      </div>
      <div class="nav">
    &laquo; <a href="admin/javascript.html" title="JavaScript customizations in the admin">previous</a>
     |
    <a href="../index.html" title="API Reference" accesskey="U">up</a>
   |
    <a href="contenttypes.html" title="The contenttypes framework">next</a> &raquo;</div>
    </div>

    <div id="bd">
      <div id="yui-main">
        <div class="yui-b">
          <div class="yui-g" id="ref-contrib-auth">
            
  <div class="section" id="s-django-contrib-auth">
<span id="django-contrib-auth"></span><h1><code class="docutils literal notranslate"><span class="pre">django.contrib.auth</span></code><a class="headerlink" href="#django-contrib-auth" title="Permalink to this headline">¶</a></h1>
<p>This document provides API reference material for the components of Django’s
authentication system. For more details on the usage of these components or
how to customize authentication and authorization see the <a class="reference internal" href="../../topics/auth/index.html"><span class="doc">authentication
topic guide</span></a>.</p>
<div class="section" id="s-user-model">
<span id="user-model"></span><h2><code class="docutils literal notranslate"><span class="pre">User</span></code> model<a class="headerlink" href="#user-model" title="Permalink to this headline">¶</a></h2>
<div class="section" id="s-fields">
<span id="fields"></span><h3>Fields<a class="headerlink" href="#fields" title="Permalink to this headline">¶</a></h3>
<dl class="class">
<dt id="django.contrib.auth.models.User">
<em class="property">class </em><code class="descclassname">models.</code><code class="descname">User</code><a class="headerlink" href="#django.contrib.auth.models.User" title="Permalink to this definition">¶</a></dt>
<dd><p><a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><code class="xref py py-class docutils literal notranslate"><span class="pre">User</span></code></a> objects have the following
fields:</p>
<dl class="attribute">
<dt id="django.contrib.auth.models.User.username">
<code class="descname">username</code><a class="headerlink" href="#django.contrib.auth.models.User.username" title="Permalink to this definition">¶</a></dt>
<dd><p>Required. 150 characters or fewer. Usernames may contain alphanumeric,
<code class="docutils literal notranslate"><span class="pre">_</span></code>, <code class="docutils literal notranslate"><span class="pre">&#64;</span></code>, <code class="docutils literal notranslate"><span class="pre">+</span></code>, <code class="docutils literal notranslate"><span class="pre">.</span></code> and <code class="docutils literal notranslate"><span class="pre">-</span></code> characters.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">max_length</span></code> should be sufficient for many use cases. If you need
a longer length, please use a <a class="reference internal" href="../../topics/auth/customizing.html#specifying-custom-user-model"><span class="std std-ref">custom user model</span></a>. If you use MySQL with the <code class="docutils literal notranslate"><span class="pre">utf8mb4</span></code>
encoding (recommended for proper Unicode support), specify at most
<code class="docutils literal notranslate"><span class="pre">max_length=191</span></code> because MySQL can only create unique indexes with
191 characters in that case by default.</p>
<div class="admonition-usernames-and-unicode admonition">
<p class="first admonition-title">Usernames and Unicode</p>
<p class="last">Django originally accepted only ASCII letters and numbers in
usernames. Although it wasn’t a deliberate choice, Unicode
characters have always been accepted when using Python 3. Django
1.10 officially added Unicode support in usernames, keeping the
ASCII-only behavior on Python 2.</p>
</div>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.first_name">
<code class="descname">first_name</code><a class="headerlink" href="#django.contrib.auth.models.User.first_name" title="Permalink to this definition">¶</a></dt>
<dd><p>Optional (<a class="reference internal" href="../models/fields.html#django.db.models.Field.blank" title="django.db.models.Field.blank"><code class="xref py py-attr docutils literal notranslate"><span class="pre">blank=True</span></code></a>). 30
characters or fewer.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.last_name">
<code class="descname">last_name</code><a class="headerlink" href="#django.contrib.auth.models.User.last_name" title="Permalink to this definition">¶</a></dt>
<dd><p>Optional (<a class="reference internal" href="../models/fields.html#django.db.models.Field.blank" title="django.db.models.Field.blank"><code class="xref py py-attr docutils literal notranslate"><span class="pre">blank=True</span></code></a>). 150
characters or fewer.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.email">
<code class="descname">email</code><a class="headerlink" href="#django.contrib.auth.models.User.email" title="Permalink to this definition">¶</a></dt>
<dd><p>Optional (<a class="reference internal" href="../models/fields.html#django.db.models.Field.blank" title="django.db.models.Field.blank"><code class="xref py py-attr docutils literal notranslate"><span class="pre">blank=True</span></code></a>). Email
address.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.password">
<code class="descname">password</code><a class="headerlink" href="#django.contrib.auth.models.User.password" title="Permalink to this definition">¶</a></dt>
<dd><p>Required. A hash of, and metadata about, the password. (Django doesn’t
store the raw password.) Raw passwords can be arbitrarily long and can
contain any character. See the <a class="reference internal" href="../../topics/auth/passwords.html"><span class="doc">password documentation</span></a>.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.groups">
<code class="descname">groups</code><a class="headerlink" href="#django.contrib.auth.models.User.groups" title="Permalink to this definition">¶</a></dt>
<dd><p>Many-to-many relationship to <a class="reference internal" href="#django.contrib.auth.models.Group" title="django.contrib.auth.models.Group"><code class="xref py py-class docutils literal notranslate"><span class="pre">Group</span></code></a></p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.user_permissions">
<code class="descname">user_permissions</code><a class="headerlink" href="#django.contrib.auth.models.User.user_permissions" title="Permalink to this definition">¶</a></dt>
<dd><p>Many-to-many relationship to <a class="reference internal" href="#django.contrib.auth.models.Permission" title="django.contrib.auth.models.Permission"><code class="xref py py-class docutils literal notranslate"><span class="pre">Permission</span></code></a></p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.is_staff">
<code class="descname">is_staff</code><a class="headerlink" href="#django.contrib.auth.models.User.is_staff" title="Permalink to this definition">¶</a></dt>
<dd><p>Boolean. Designates whether this user can access the admin site.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.is_active">
<code class="descname">is_active</code><a class="headerlink" href="#django.contrib.auth.models.User.is_active" title="Permalink to this definition">¶</a></dt>
<dd><p>Boolean. Designates whether this user account should be considered
active. We recommend that you set this flag to <code class="docutils literal notranslate"><span class="pre">False</span></code> instead of
deleting accounts; that way, if your applications have any foreign keys
to users, the foreign keys won’t break.</p>
<p>This doesn’t necessarily control whether or not the user can log in.
Authentication backends aren’t required to check for the <code class="docutils literal notranslate"><span class="pre">is_active</span></code>
flag but the default backend
(<a class="reference internal" href="#django.contrib.auth.backends.ModelBackend" title="django.contrib.auth.backends.ModelBackend"><code class="xref py py-class docutils literal notranslate"><span class="pre">ModelBackend</span></code></a>) and the
<a class="reference internal" href="#django.contrib.auth.backends.RemoteUserBackend" title="django.contrib.auth.backends.RemoteUserBackend"><code class="xref py py-class docutils literal notranslate"><span class="pre">RemoteUserBackend</span></code></a> do. You can
use <a class="reference internal" href="#django.contrib.auth.backends.AllowAllUsersModelBackend" title="django.contrib.auth.backends.AllowAllUsersModelBackend"><code class="xref py py-class docutils literal notranslate"><span class="pre">AllowAllUsersModelBackend</span></code></a>
or <a class="reference internal" href="#django.contrib.auth.backends.AllowAllUsersRemoteUserBackend" title="django.contrib.auth.backends.AllowAllUsersRemoteUserBackend"><code class="xref py py-class docutils literal notranslate"><span class="pre">AllowAllUsersRemoteUserBackend</span></code></a>
if you want to allow inactive users to login. In this case, you’ll also
want to customize the
<a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.forms.AuthenticationForm" title="django.contrib.auth.forms.AuthenticationForm"><code class="xref py py-class docutils literal notranslate"><span class="pre">AuthenticationForm</span></code></a> used by the
<a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.views.LoginView" title="django.contrib.auth.views.LoginView"><code class="xref py py-class docutils literal notranslate"><span class="pre">LoginView</span></code></a> as it rejects inactive
users. Be aware that the permission-checking methods such as
<a class="reference internal" href="#django.contrib.auth.models.User.has_perm" title="django.contrib.auth.models.User.has_perm"><code class="xref py py-meth docutils literal notranslate"><span class="pre">has_perm()</span></code></a> and the
authentication in the Django admin all return <code class="docutils literal notranslate"><span class="pre">False</span></code> for inactive
users.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.is_superuser">
<code class="descname">is_superuser</code><a class="headerlink" href="#django.contrib.auth.models.User.is_superuser" title="Permalink to this definition">¶</a></dt>
<dd><p>Boolean. Designates that this user has all permissions without
explicitly assigning them.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.last_login">
<code class="descname">last_login</code><a class="headerlink" href="#django.contrib.auth.models.User.last_login" title="Permalink to this definition">¶</a></dt>
<dd><p>A datetime of the user’s last login.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.date_joined">
<code class="descname">date_joined</code><a class="headerlink" href="#django.contrib.auth.models.User.date_joined" title="Permalink to this definition">¶</a></dt>
<dd><p>A datetime designating when the account was created. Is set to the
current date/time by default when the account is created.</p>
</dd></dl>

</dd></dl>

</div>
<div class="section" id="s-attributes">
<span id="attributes"></span><h3>Attributes<a class="headerlink" href="#attributes" title="Permalink to this headline">¶</a></h3>
<dl class="class">
<dt>
<em class="property">class </em><code class="descclassname">models.</code><code class="descname">User</code></dt>
<dd><dl class="attribute">
<dt id="django.contrib.auth.models.User.is_authenticated">
<code class="descname">is_authenticated</code><a class="headerlink" href="#django.contrib.auth.models.User.is_authenticated" title="Permalink to this definition">¶</a></dt>
<dd><p>Read-only attribute which is always <code class="docutils literal notranslate"><span class="pre">True</span></code> (as opposed to
<code class="docutils literal notranslate"><span class="pre">AnonymousUser.is_authenticated</span></code> which is always <code class="docutils literal notranslate"><span class="pre">False</span></code>). This is
a way to tell if the user has been authenticated. This does not imply
any permissions and doesn’t check if the user is active or has a valid
session. Even though normally you will check this attribute on
<code class="docutils literal notranslate"><span class="pre">request.user</span></code> to find out whether it has been populated by the
<a class="reference internal" href="../middleware.html#django.contrib.auth.middleware.AuthenticationMiddleware" title="django.contrib.auth.middleware.AuthenticationMiddleware"><code class="xref py py-class docutils literal notranslate"><span class="pre">AuthenticationMiddleware</span></code></a>
(representing the currently logged-in user), you should know this
attribute is <code class="docutils literal notranslate"><span class="pre">True</span></code> for any <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><code class="xref py py-class docutils literal notranslate"><span class="pre">User</span></code></a> instance.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.User.is_anonymous">
<code class="descname">is_anonymous</code><a class="headerlink" href="#django.contrib.auth.models.User.is_anonymous" title="Permalink to this definition">¶</a></dt>
<dd><p>Read-only attribute which is always <code class="docutils literal notranslate"><span class="pre">False</span></code>. This is a way of
differentiating <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><code class="xref py py-class docutils literal notranslate"><span class="pre">User</span></code></a> and <a class="reference internal" href="#django.contrib.auth.models.AnonymousUser" title="django.contrib.auth.models.AnonymousUser"><code class="xref py py-class docutils literal notranslate"><span class="pre">AnonymousUser</span></code></a>
objects. Generally, you should prefer using
<a class="reference internal" href="#django.contrib.auth.models.User.is_authenticated" title="django.contrib.auth.models.User.is_authenticated"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_authenticated</span></code></a> to this
attribute.</p>
</dd></dl>

</dd></dl>

</div>
<div class="section" id="s-methods">
<span id="methods"></span><h3>Methods<a class="headerlink" href="#methods" title="Permalink to this headline">¶</a></h3>
<dl class="class">
<dt>
<em class="property">class </em><code class="descclassname">models.</code><code class="descname">User</code></dt>
<dd><dl class="method">
<dt id="django.contrib.auth.models.User.get_username">
<code class="descname">get_username</code>()<a class="headerlink" href="#django.contrib.auth.models.User.get_username" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns the username for the user. Since the <code class="docutils literal notranslate"><span class="pre">User</span></code> model can be
swapped out, you should use this method instead of referencing the
username attribute directly.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.get_full_name">
<code class="descname">get_full_name</code>()<a class="headerlink" href="#django.contrib.auth.models.User.get_full_name" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns the <a class="reference internal" href="#django.contrib.auth.models.User.first_name" title="django.contrib.auth.models.User.first_name"><code class="xref py py-attr docutils literal notranslate"><span class="pre">first_name</span></code></a> plus
the <a class="reference internal" href="#django.contrib.auth.models.User.last_name" title="django.contrib.auth.models.User.last_name"><code class="xref py py-attr docutils literal notranslate"><span class="pre">last_name</span></code></a>, with a space in
between.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.get_short_name">
<code class="descname">get_short_name</code>()<a class="headerlink" href="#django.contrib.auth.models.User.get_short_name" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns the <a class="reference internal" href="#django.contrib.auth.models.User.first_name" title="django.contrib.auth.models.User.first_name"><code class="xref py py-attr docutils literal notranslate"><span class="pre">first_name</span></code></a>.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.set_password">
<code class="descname">set_password</code>(<em>raw_password</em>)<a class="headerlink" href="#django.contrib.auth.models.User.set_password" title="Permalink to this definition">¶</a></dt>
<dd><p>Sets the user’s password to the given raw string, taking care of the
password hashing. Doesn’t save the
<a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><code class="xref py py-class docutils literal notranslate"><span class="pre">User</span></code></a> object.</p>
<p>When the <code class="docutils literal notranslate"><span class="pre">raw_password</span></code> is <code class="docutils literal notranslate"><span class="pre">None</span></code>, the password will be set to an
unusable password, as if
<a class="reference internal" href="#django.contrib.auth.models.User.set_unusable_password" title="django.contrib.auth.models.User.set_unusable_password"><code class="xref py py-meth docutils literal notranslate"><span class="pre">set_unusable_password()</span></code></a>
were used.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.check_password">
<code class="descname">check_password</code>(<em>raw_password</em>)<a class="headerlink" href="#django.contrib.auth.models.User.check_password" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns <code class="docutils literal notranslate"><span class="pre">True</span></code> if the given raw string is the correct password for
the user. (This takes care of the password hashing in making the
comparison.)</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.set_unusable_password">
<code class="descname">set_unusable_password</code>()<a class="headerlink" href="#django.contrib.auth.models.User.set_unusable_password" title="Permalink to this definition">¶</a></dt>
<dd><p>Marks the user as having no password set.  This isn’t the same as
having a blank string for a password.
<a class="reference internal" href="#django.contrib.auth.models.User.check_password" title="django.contrib.auth.models.User.check_password"><code class="xref py py-meth docutils literal notranslate"><span class="pre">check_password()</span></code></a> for this user
will never return <code class="docutils literal notranslate"><span class="pre">True</span></code>. Doesn’t save the
<a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><code class="xref py py-class docutils literal notranslate"><span class="pre">User</span></code></a> object.</p>
<p>You may need this if authentication for your application takes place
against an existing external source such as an LDAP directory.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.has_usable_password">
<code class="descname">has_usable_password</code>()<a class="headerlink" href="#django.contrib.auth.models.User.has_usable_password" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns <code class="docutils literal notranslate"><span class="pre">False</span></code> if
<a class="reference internal" href="#django.contrib.auth.models.User.set_unusable_password" title="django.contrib.auth.models.User.set_unusable_password"><code class="xref py py-meth docutils literal notranslate"><span class="pre">set_unusable_password()</span></code></a> has
been called for this user.</p>
<div class="versionchanged">
<span class="title">Changed in Django 2.1:</span> <p>In older versions, this also returns <code class="docutils literal notranslate"><span class="pre">False</span></code> if the password is
<code class="docutils literal notranslate"><span class="pre">None</span></code> or an empty string, or if the password uses a hasher
that’s not in the <a class="reference internal" href="../settings.html#std:setting-PASSWORD_HASHERS"><code class="xref std std-setting docutils literal notranslate"><span class="pre">PASSWORD_HASHERS</span></code></a> setting. That
behavior is considered a bug as it prevents users with such
passwords from requesting a password reset.</p>
</div>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.get_group_permissions">
<code class="descname">get_group_permissions</code>(<em>obj=None</em>)<a class="headerlink" href="#django.contrib.auth.models.User.get_group_permissions" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns a set of permission strings that the user has, through their
groups.</p>
<p>If <code class="docutils literal notranslate"><span class="pre">obj</span></code> is passed in, only returns the group permissions for
this specific object.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.get_all_permissions">
<code class="descname">get_all_permissions</code>(<em>obj=None</em>)<a class="headerlink" href="#django.contrib.auth.models.User.get_all_permissions" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns a set of permission strings that the user has, both through
group and user permissions.</p>
<p>If <code class="docutils literal notranslate"><span class="pre">obj</span></code> is passed in, only returns the permissions for this
specific object.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.has_perm">
<code class="descname">has_perm</code>(<em>perm</em>, <em>obj=None</em>)<a class="headerlink" href="#django.contrib.auth.models.User.has_perm" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns <code class="docutils literal notranslate"><span class="pre">True</span></code> if the user has the specified permission, where perm
is in the format <code class="docutils literal notranslate"><span class="pre">&quot;&lt;app</span> <span class="pre">label&gt;.&lt;permission</span> <span class="pre">codename&gt;&quot;</span></code>. (see
documentation on <a class="reference internal" href="../../topics/auth/default.html#topic-authorization"><span class="std std-ref">permissions</span></a>). If the user is
inactive, this method will always return <code class="docutils literal notranslate"><span class="pre">False</span></code>. For an active
superuser, this method will always return <code class="docutils literal notranslate"><span class="pre">True</span></code>.</p>
<p>If <code class="docutils literal notranslate"><span class="pre">obj</span></code> is passed in, this method won’t check for a permission for
the model, but for this specific object.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.has_perms">
<code class="descname">has_perms</code>(<em>perm_list</em>, <em>obj=None</em>)<a class="headerlink" href="#django.contrib.auth.models.User.has_perms" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns <code class="docutils literal notranslate"><span class="pre">True</span></code> if the user has each of the specified permissions,
where each perm is in the format
<code class="docutils literal notranslate"><span class="pre">&quot;&lt;app</span> <span class="pre">label&gt;.&lt;permission</span> <span class="pre">codename&gt;&quot;</span></code>. If the user is inactive,
this method will always return <code class="docutils literal notranslate"><span class="pre">False</span></code>. For an active superuser, this
method will always return <code class="docutils literal notranslate"><span class="pre">True</span></code>.</p>
<p>If <code class="docutils literal notranslate"><span class="pre">obj</span></code> is passed in, this method won’t check for permissions for
the model, but for the specific object.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.has_module_perms">
<code class="descname">has_module_perms</code>(<em>package_name</em>)<a class="headerlink" href="#django.contrib.auth.models.User.has_module_perms" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns <code class="docutils literal notranslate"><span class="pre">True</span></code> if the user has any permissions in the given package
(the Django app label). If the user is inactive, this method will
always return <code class="docutils literal notranslate"><span class="pre">False</span></code>. For an active superuser, this method will
always return <code class="docutils literal notranslate"><span class="pre">True</span></code>.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.User.email_user">
<code class="descname">email_user</code>(<em>subject</em>, <em>message</em>, <em>from_email=None</em>, <em>**kwargs</em>)<a class="headerlink" href="#django.contrib.auth.models.User.email_user" title="Permalink to this definition">¶</a></dt>
<dd><p>Sends an email to the user. If <code class="docutils literal notranslate"><span class="pre">from_email</span></code> is <code class="docutils literal notranslate"><span class="pre">None</span></code>, Django uses
the <a class="reference internal" href="../settings.html#std:setting-DEFAULT_FROM_EMAIL"><code class="xref std std-setting docutils literal notranslate"><span class="pre">DEFAULT_FROM_EMAIL</span></code></a>. Any <code class="docutils literal notranslate"><span class="pre">**kwargs</span></code> are passed to the
underlying <a class="reference internal" href="../../topics/email.html#django.core.mail.send_mail" title="django.core.mail.send_mail"><code class="xref py py-meth docutils literal notranslate"><span class="pre">send_mail()</span></code></a> call.</p>
</dd></dl>

</dd></dl>

</div>
<div class="section" id="s-manager-methods">
<span id="manager-methods"></span><h3>Manager methods<a class="headerlink" href="#manager-methods" title="Permalink to this headline">¶</a></h3>
<dl class="class">
<dt id="django.contrib.auth.models.UserManager">
<em class="property">class </em><code class="descclassname">models.</code><code class="descname">UserManager</code><a class="headerlink" href="#django.contrib.auth.models.UserManager" title="Permalink to this definition">¶</a></dt>
<dd><p>The <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><code class="xref py py-class docutils literal notranslate"><span class="pre">User</span></code></a> model has a custom manager
that has the following helper methods (in addition to the methods provided
by <a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.BaseUserManager" title="django.contrib.auth.models.BaseUserManager"><code class="xref py py-class docutils literal notranslate"><span class="pre">BaseUserManager</span></code></a>):</p>
<dl class="method">
<dt id="django.contrib.auth.models.UserManager.create_user">
<code class="descname">create_user</code>(<em>username</em>, <em>email=None</em>, <em>password=None</em>, <em>**extra_fields</em>)<a class="headerlink" href="#django.contrib.auth.models.UserManager.create_user" title="Permalink to this definition">¶</a></dt>
<dd><p>Creates, saves and returns a <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><code class="xref py py-class docutils literal notranslate"><span class="pre">User</span></code></a>.</p>
<p>The <a class="reference internal" href="#django.contrib.auth.models.User.username" title="django.contrib.auth.models.User.username"><code class="xref py py-attr docutils literal notranslate"><span class="pre">username</span></code></a> and
<a class="reference internal" href="#django.contrib.auth.models.User.password" title="django.contrib.auth.models.User.password"><code class="xref py py-attr docutils literal notranslate"><span class="pre">password</span></code></a> are set as given. The
domain portion of <a class="reference internal" href="#django.contrib.auth.models.User.email" title="django.contrib.auth.models.User.email"><code class="xref py py-attr docutils literal notranslate"><span class="pre">email</span></code></a> is
automatically converted to lowercase, and the returned
<a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><code class="xref py py-class docutils literal notranslate"><span class="pre">User</span></code></a> object will have
<a class="reference internal" href="#django.contrib.auth.models.User.is_active" title="django.contrib.auth.models.User.is_active"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_active</span></code></a> set to <code class="docutils literal notranslate"><span class="pre">True</span></code>.</p>
<p>If no password is provided,
<a class="reference internal" href="#django.contrib.auth.models.User.set_unusable_password" title="django.contrib.auth.models.User.set_unusable_password"><code class="xref py py-meth docutils literal notranslate"><span class="pre">set_unusable_password()</span></code></a> will
be called.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">extra_fields</span></code> keyword arguments are passed through to the
<a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><code class="xref py py-class docutils literal notranslate"><span class="pre">User</span></code></a>’s <code class="docutils literal notranslate"><span class="pre">__init__</span></code> method to
allow setting arbitrary fields on a <a class="reference internal" href="../../topics/auth/customizing.html#auth-custom-user"><span class="std std-ref">custom user model</span></a>.</p>
<p>See <a class="reference internal" href="../../topics/auth/default.html#topics-auth-creating-users"><span class="std std-ref">Creating users</span></a> for example usage.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.models.UserManager.create_superuser">
<code class="descname">create_superuser</code>(<em>username</em>, <em>email</em>, <em>password</em>, <em>**extra_fields</em>)<a class="headerlink" href="#django.contrib.auth.models.UserManager.create_superuser" title="Permalink to this definition">¶</a></dt>
<dd><p>Same as <a class="reference internal" href="#django.contrib.auth.models.UserManager.create_user" title="django.contrib.auth.models.UserManager.create_user"><code class="xref py py-meth docutils literal notranslate"><span class="pre">create_user()</span></code></a>, but sets <a class="reference internal" href="#django.contrib.auth.models.User.is_staff" title="django.contrib.auth.models.User.is_staff"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_staff</span></code></a> and
<a class="reference internal" href="#django.contrib.auth.models.User.is_superuser" title="django.contrib.auth.models.User.is_superuser"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_superuser</span></code></a> to <code class="docutils literal notranslate"><span class="pre">True</span></code>.</p>
</dd></dl>

</dd></dl>

</div>
</div>
<div class="section" id="s-anonymoususer-object">
<span id="anonymoususer-object"></span><h2><code class="docutils literal notranslate"><span class="pre">AnonymousUser</span></code> object<a class="headerlink" href="#anonymoususer-object" title="Permalink to this headline">¶</a></h2>
<dl class="class">
<dt id="django.contrib.auth.models.AnonymousUser">
<em class="property">class </em><code class="descclassname">models.</code><code class="descname">AnonymousUser</code><a class="headerlink" href="#django.contrib.auth.models.AnonymousUser" title="Permalink to this definition">¶</a></dt>
<dd><p><a class="reference internal" href="#django.contrib.auth.models.AnonymousUser" title="django.contrib.auth.models.AnonymousUser"><code class="xref py py-class docutils literal notranslate"><span class="pre">django.contrib.auth.models.AnonymousUser</span></code></a> is a class that
implements the <a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><code class="xref py py-class docutils literal notranslate"><span class="pre">django.contrib.auth.models.User</span></code></a> interface, with
these differences:</p>
<ul class="simple">
<li><a class="reference internal" href="../../topics/db/models.html#automatic-primary-key-fields"><span class="std std-ref">id</span></a> is always <code class="docutils literal notranslate"><span class="pre">None</span></code>.</li>
<li><a class="reference internal" href="#django.contrib.auth.models.User.username" title="django.contrib.auth.models.User.username"><code class="xref py py-attr docutils literal notranslate"><span class="pre">username</span></code></a> is always the empty
string.</li>
<li><a class="reference internal" href="#django.contrib.auth.models.User.get_username" title="django.contrib.auth.models.User.get_username"><code class="xref py py-meth docutils literal notranslate"><span class="pre">get_username()</span></code></a> always returns
the empty string.</li>
<li><a class="reference internal" href="#django.contrib.auth.models.User.is_anonymous" title="django.contrib.auth.models.User.is_anonymous"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_anonymous</span></code></a> is <code class="docutils literal notranslate"><span class="pre">True</span></code>
instead of <code class="docutils literal notranslate"><span class="pre">False</span></code>.</li>
<li><a class="reference internal" href="#django.contrib.auth.models.User.is_authenticated" title="django.contrib.auth.models.User.is_authenticated"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_authenticated</span></code></a> is
<code class="docutils literal notranslate"><span class="pre">False</span></code> instead of <code class="docutils literal notranslate"><span class="pre">True</span></code>.</li>
<li><a class="reference internal" href="#django.contrib.auth.models.User.is_staff" title="django.contrib.auth.models.User.is_staff"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_staff</span></code></a> and
<a class="reference internal" href="#django.contrib.auth.models.User.is_superuser" title="django.contrib.auth.models.User.is_superuser"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_superuser</span></code></a> are always
<code class="docutils literal notranslate"><span class="pre">False</span></code>.</li>
<li><a class="reference internal" href="#django.contrib.auth.models.User.is_active" title="django.contrib.auth.models.User.is_active"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_active</span></code></a> is always <code class="docutils literal notranslate"><span class="pre">False</span></code>.</li>
<li><a class="reference internal" href="#django.contrib.auth.models.User.groups" title="django.contrib.auth.models.User.groups"><code class="xref py py-attr docutils literal notranslate"><span class="pre">groups</span></code></a> and
<a class="reference internal" href="#django.contrib.auth.models.User.user_permissions" title="django.contrib.auth.models.User.user_permissions"><code class="xref py py-attr docutils literal notranslate"><span class="pre">user_permissions</span></code></a> are always
empty.</li>
<li><a class="reference internal" href="#django.contrib.auth.models.User.set_password" title="django.contrib.auth.models.User.set_password"><code class="xref py py-meth docutils literal notranslate"><span class="pre">set_password()</span></code></a>,
<a class="reference internal" href="#django.contrib.auth.models.User.check_password" title="django.contrib.auth.models.User.check_password"><code class="xref py py-meth docutils literal notranslate"><span class="pre">check_password()</span></code></a>,
<a class="reference internal" href="../models/instances.html#django.db.models.Model.save" title="django.db.models.Model.save"><code class="xref py py-meth docutils literal notranslate"><span class="pre">save()</span></code></a> and
<a class="reference internal" href="../models/instances.html#django.db.models.Model.delete" title="django.db.models.Model.delete"><code class="xref py py-meth docutils literal notranslate"><span class="pre">delete()</span></code></a> raise <a class="reference external" href="https://docs.python.org/3/library/exceptions.html#NotImplementedError" title="(in Python v3.8)"><code class="xref py py-exc docutils literal notranslate"><span class="pre">NotImplementedError</span></code></a>.</li>
</ul>
</dd></dl>

<p>In practice, you probably won’t need to use
<a class="reference internal" href="#django.contrib.auth.models.AnonymousUser" title="django.contrib.auth.models.AnonymousUser"><code class="xref py py-class docutils literal notranslate"><span class="pre">AnonymousUser</span></code></a> objects on your own, but
they’re used by Web requests, as explained in the next section.</p>
</div>
<div class="section" id="s-permission-model">
<span id="permission-model"></span><h2><code class="docutils literal notranslate"><span class="pre">Permission</span></code> model<a class="headerlink" href="#permission-model" title="Permalink to this headline">¶</a></h2>
<dl class="class">
<dt id="django.contrib.auth.models.Permission">
<em class="property">class </em><code class="descclassname">models.</code><code class="descname">Permission</code><a class="headerlink" href="#django.contrib.auth.models.Permission" title="Permalink to this definition">¶</a></dt>
<dd></dd></dl>

<div class="section" id="s-id1">
<span id="id1"></span><h3>Fields<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h3>
<p><a class="reference internal" href="#django.contrib.auth.models.Permission" title="django.contrib.auth.models.Permission"><code class="xref py py-class docutils literal notranslate"><span class="pre">Permission</span></code></a> objects have the following
fields:</p>
<dl class="class">
<dt>
<em class="property">class </em><code class="descclassname">models.</code><code class="descname">Permission</code></dt>
<dd><dl class="attribute">
<dt id="django.contrib.auth.models.Permission.name">
<code class="descname">name</code><a class="headerlink" href="#django.contrib.auth.models.Permission.name" title="Permalink to this definition">¶</a></dt>
<dd><p>Required. 255 characters or fewer. Example: <code class="docutils literal notranslate"><span class="pre">'Can</span> <span class="pre">vote'</span></code>.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.Permission.content_type">
<code class="descname">content_type</code><a class="headerlink" href="#django.contrib.auth.models.Permission.content_type" title="Permalink to this definition">¶</a></dt>
<dd><p>Required. A reference to the <code class="docutils literal notranslate"><span class="pre">django_content_type</span></code> database table,
which contains a record for each installed model.</p>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.Permission.codename">
<code class="descname">codename</code><a class="headerlink" href="#django.contrib.auth.models.Permission.codename" title="Permalink to this definition">¶</a></dt>
<dd><p>Required. 100 characters or fewer. Example: <code class="docutils literal notranslate"><span class="pre">'can_vote'</span></code>.</p>
</dd></dl>

</dd></dl>

</div>
<div class="section" id="s-id2">
<span id="id2"></span><h3>Methods<a class="headerlink" href="#id2" title="Permalink to this headline">¶</a></h3>
<p><a class="reference internal" href="#django.contrib.auth.models.Permission" title="django.contrib.auth.models.Permission"><code class="xref py py-class docutils literal notranslate"><span class="pre">Permission</span></code></a> objects have the standard
data-access methods like any other <a class="reference internal" href="../models/instances.html"><span class="doc">Django model</span></a>.</p>
</div>
</div>
<div class="section" id="s-group-model">
<span id="group-model"></span><h2><code class="docutils literal notranslate"><span class="pre">Group</span></code> model<a class="headerlink" href="#group-model" title="Permalink to this headline">¶</a></h2>
<dl class="class">
<dt id="django.contrib.auth.models.Group">
<em class="property">class </em><code class="descclassname">models.</code><code class="descname">Group</code><a class="headerlink" href="#django.contrib.auth.models.Group" title="Permalink to this definition">¶</a></dt>
<dd></dd></dl>

<div class="section" id="s-id3">
<span id="id3"></span><h3>Fields<a class="headerlink" href="#id3" title="Permalink to this headline">¶</a></h3>
<p><a class="reference internal" href="#django.contrib.auth.models.Group" title="django.contrib.auth.models.Group"><code class="xref py py-class docutils literal notranslate"><span class="pre">Group</span></code></a> objects have the following fields:</p>
<dl class="class">
<dt>
<em class="property">class </em><code class="descclassname">models.</code><code class="descname">Group</code></dt>
<dd><dl class="attribute">
<dt id="django.contrib.auth.models.Group.name">
<code class="descname">name</code><a class="headerlink" href="#django.contrib.auth.models.Group.name" title="Permalink to this definition">¶</a></dt>
<dd><p>Required. 150 characters or fewer. Any characters are permitted.
Example: <code class="docutils literal notranslate"><span class="pre">'Awesome</span> <span class="pre">Users'</span></code>.</p>
<div class="versionchanged">
<span class="title">Changed in Django 2.2:</span> <p>The <code class="docutils literal notranslate"><span class="pre">max_length</span></code> increased from 80 to 150 characters.</p>
</div>
</dd></dl>

<dl class="attribute">
<dt id="django.contrib.auth.models.Group.permissions">
<code class="descname">permissions</code><a class="headerlink" href="#django.contrib.auth.models.Group.permissions" title="Permalink to this definition">¶</a></dt>
<dd><p>Many-to-many field to <a class="reference internal" href="#django.contrib.auth.models.Permission" title="django.contrib.auth.models.Permission"><code class="xref py py-class docutils literal notranslate"><span class="pre">Permission</span></code></a>:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">group</span><span class="o">.</span><span class="n">permissions</span><span class="o">.</span><span class="n">set</span><span class="p">([</span><span class="n">permission_list</span><span class="p">])</span>
<span class="n">group</span><span class="o">.</span><span class="n">permissions</span><span class="o">.</span><span class="n">add</span><span class="p">(</span><span class="n">permission</span><span class="p">,</span> <span class="n">permission</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span>
<span class="n">group</span><span class="o">.</span><span class="n">permissions</span><span class="o">.</span><span class="n">remove</span><span class="p">(</span><span class="n">permission</span><span class="p">,</span> <span class="n">permission</span><span class="p">,</span> <span class="o">...</span><span class="p">)</span>
<span class="n">group</span><span class="o">.</span><span class="n">permissions</span><span class="o">.</span><span class="n">clear</span><span class="p">()</span>
</pre></div>
</div>
</dd></dl>

</dd></dl>

</div>
</div>
<div class="section" id="s-validators">
<span id="validators"></span><h2>Validators<a class="headerlink" href="#validators" title="Permalink to this headline">¶</a></h2>
<dl class="class">
<dt id="django.contrib.auth.validators.ASCIIUsernameValidator">
<em class="property">class </em><code class="descclassname">validators.</code><code class="descname">ASCIIUsernameValidator</code><a class="headerlink" href="#django.contrib.auth.validators.ASCIIUsernameValidator" title="Permalink to this definition">¶</a></dt>
<dd><p>A field validator allowing only ASCII letters and numbers, in addition to
<code class="docutils literal notranslate"><span class="pre">&#64;</span></code>, <code class="docutils literal notranslate"><span class="pre">.</span></code>, <code class="docutils literal notranslate"><span class="pre">+</span></code>, <code class="docutils literal notranslate"><span class="pre">-</span></code>, and <code class="docutils literal notranslate"><span class="pre">_</span></code>.</p>
</dd></dl>

<dl class="class">
<dt id="django.contrib.auth.validators.UnicodeUsernameValidator">
<em class="property">class </em><code class="descclassname">validators.</code><code class="descname">UnicodeUsernameValidator</code><a class="headerlink" href="#django.contrib.auth.validators.UnicodeUsernameValidator" title="Permalink to this definition">¶</a></dt>
<dd><p>A field validator allowing Unicode characters, in addition to <code class="docutils literal notranslate"><span class="pre">&#64;</span></code>, <code class="docutils literal notranslate"><span class="pre">.</span></code>,
<code class="docutils literal notranslate"><span class="pre">+</span></code>, <code class="docutils literal notranslate"><span class="pre">-</span></code>, and <code class="docutils literal notranslate"><span class="pre">_</span></code>. The default validator for <code class="docutils literal notranslate"><span class="pre">User.username</span></code>.</p>
</dd></dl>

</div>
<div class="section" id="s-module-django.contrib.auth.signals">
<span id="s-login-and-logout-signals"></span><span id="s-topics-auth-signals"></span><span id="module-django.contrib.auth.signals"></span><span id="login-and-logout-signals"></span><span id="topics-auth-signals"></span><h2>Login and logout signals<a class="headerlink" href="#module-django.contrib.auth.signals" title="Permalink to this headline">¶</a></h2>
<p>The auth framework uses the following <a class="reference internal" href="../../topics/signals.html"><span class="doc">signals</span></a> that
can be used for notification when a user logs in or out.</p>
<dl class="function">
<dt id="django.contrib.auth.signals.user_logged_in">
<code class="descname">user_logged_in</code>()<a class="headerlink" href="#django.contrib.auth.signals.user_logged_in" title="Permalink to this definition">¶</a></dt>
<dd><p>Sent when a user logs in successfully.</p>
<p>Arguments sent with this signal:</p>
<dl class="docutils">
<dt><code class="docutils literal notranslate"><span class="pre">sender</span></code></dt>
<dd>The class of the user that just logged in.</dd>
<dt><code class="docutils literal notranslate"><span class="pre">request</span></code></dt>
<dd>The current <a class="reference internal" href="../request-response.html#django.http.HttpRequest" title="django.http.HttpRequest"><code class="xref py py-class docutils literal notranslate"><span class="pre">HttpRequest</span></code></a> instance.</dd>
<dt><code class="docutils literal notranslate"><span class="pre">user</span></code></dt>
<dd>The user instance that just logged in.</dd>
</dl>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.signals.user_logged_out">
<code class="descname">user_logged_out</code>()<a class="headerlink" href="#django.contrib.auth.signals.user_logged_out" title="Permalink to this definition">¶</a></dt>
<dd><p>Sent when the logout method is called.</p>
<dl class="docutils">
<dt><code class="docutils literal notranslate"><span class="pre">sender</span></code></dt>
<dd>As above: the class of the user that just logged out or <code class="docutils literal notranslate"><span class="pre">None</span></code>
if the user was not authenticated.</dd>
<dt><code class="docutils literal notranslate"><span class="pre">request</span></code></dt>
<dd>The current <a class="reference internal" href="../request-response.html#django.http.HttpRequest" title="django.http.HttpRequest"><code class="xref py py-class docutils literal notranslate"><span class="pre">HttpRequest</span></code></a> instance.</dd>
<dt><code class="docutils literal notranslate"><span class="pre">user</span></code></dt>
<dd>The user instance that just logged out or <code class="docutils literal notranslate"><span class="pre">None</span></code> if the
user was not authenticated.</dd>
</dl>
</dd></dl>

<dl class="function">
<dt id="django.contrib.auth.signals.user_login_failed">
<code class="descname">user_login_failed</code>()<a class="headerlink" href="#django.contrib.auth.signals.user_login_failed" title="Permalink to this definition">¶</a></dt>
<dd><p>Sent when the user failed to login successfully</p>
<dl class="docutils">
<dt><code class="docutils literal notranslate"><span class="pre">sender</span></code></dt>
<dd>The name of the module used for authentication.</dd>
<dt><code class="docutils literal notranslate"><span class="pre">credentials</span></code></dt>
<dd>A dictionary of keyword arguments containing the user credentials that were
passed to <a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><code class="xref py py-func docutils literal notranslate"><span class="pre">authenticate()</span></code></a> or your own custom
authentication backend. Credentials matching a set of ‘sensitive’ patterns,
(including password) will not be sent in the clear as part of the signal.</dd>
<dt><code class="docutils literal notranslate"><span class="pre">request</span></code></dt>
<dd>The <a class="reference internal" href="../request-response.html#django.http.HttpRequest" title="django.http.HttpRequest"><code class="xref py py-class docutils literal notranslate"><span class="pre">HttpRequest</span></code></a> object, if one was provided to
<a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><code class="xref py py-func docutils literal notranslate"><span class="pre">authenticate()</span></code></a>.</dd>
</dl>
</dd></dl>

</div>
<div class="section" id="s-module-django.contrib.auth.backends">
<span id="s-authentication-backends"></span><span id="s-authentication-backends-reference"></span><span id="module-django.contrib.auth.backends"></span><span id="authentication-backends"></span><span id="authentication-backends-reference"></span><h2>Authentication backends<a class="headerlink" href="#module-django.contrib.auth.backends" title="Permalink to this headline">¶</a></h2>
<p>This section details the authentication backends that come with Django. For
information on how to use them and how to write your own authentication
backends, see the <a class="reference internal" href="../../topics/auth/customizing.html#authentication-backends"><span class="std std-ref">Other authentication sources section</span></a> of the <a class="reference internal" href="../../topics/auth/index.html"><span class="doc">User authentication guide</span></a>.</p>
<div class="section" id="s-available-authentication-backends">
<span id="available-authentication-backends"></span><h3>Available authentication backends<a class="headerlink" href="#available-authentication-backends" title="Permalink to this headline">¶</a></h3>
<p>The following backends are available in <a class="reference internal" href="#module-django.contrib.auth.backends" title="django.contrib.auth.backends: Django's built-in authentication backend classes."><code class="xref py py-mod docutils literal notranslate"><span class="pre">django.contrib.auth.backends</span></code></a>:</p>
<dl class="class">
<dt id="django.contrib.auth.backends.ModelBackend">
<em class="property">class </em><code class="descname">ModelBackend</code><a class="headerlink" href="#django.contrib.auth.backends.ModelBackend" title="Permalink to this definition">¶</a></dt>
<dd><p>This is the default authentication backend used by Django.  It
authenticates using credentials consisting of a user identifier and
password.  For Django’s default user model, the user identifier is the
username, for custom user models it is the field specified by
USERNAME_FIELD (see <a class="reference internal" href="../../topics/auth/customizing.html"><span class="doc">Customizing Users and authentication</span></a>).</p>
<p>It also handles the default permissions model as defined for
<a class="reference internal" href="#django.contrib.auth.models.User" title="django.contrib.auth.models.User"><code class="xref py py-class docutils literal notranslate"><span class="pre">User</span></code></a> and
<a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.PermissionsMixin" title="django.contrib.auth.models.PermissionsMixin"><code class="xref py py-class docutils literal notranslate"><span class="pre">PermissionsMixin</span></code></a>.</p>
<p><a class="reference internal" href="#django.contrib.auth.backends.ModelBackend.has_perm" title="django.contrib.auth.backends.ModelBackend.has_perm"><code class="xref py py-meth docutils literal notranslate"><span class="pre">has_perm()</span></code></a>, <a class="reference internal" href="#django.contrib.auth.backends.ModelBackend.get_all_permissions" title="django.contrib.auth.backends.ModelBackend.get_all_permissions"><code class="xref py py-meth docutils literal notranslate"><span class="pre">get_all_permissions()</span></code></a>, <a class="reference internal" href="#django.contrib.auth.backends.ModelBackend.get_user_permissions" title="django.contrib.auth.backends.ModelBackend.get_user_permissions"><code class="xref py py-meth docutils literal notranslate"><span class="pre">get_user_permissions()</span></code></a>,
and <a class="reference internal" href="#django.contrib.auth.backends.ModelBackend.get_group_permissions" title="django.contrib.auth.backends.ModelBackend.get_group_permissions"><code class="xref py py-meth docutils literal notranslate"><span class="pre">get_group_permissions()</span></code></a> allow an object to be passed as a
parameter for object-specific permissions, but this backend does not
implement them other than returning an empty set of permissions if
<code class="docutils literal notranslate"><span class="pre">obj</span> <span class="pre">is</span> <span class="pre">not</span> <span class="pre">None</span></code>.</p>
<dl class="method">
<dt id="django.contrib.auth.backends.ModelBackend.authenticate">
<code class="descname">authenticate</code>(<em>request</em>, <em>username=None</em>, <em>password=None</em>, <em>**kwargs</em>)<a class="headerlink" href="#django.contrib.auth.backends.ModelBackend.authenticate" title="Permalink to this definition">¶</a></dt>
<dd><p>Tries to authenticate <code class="docutils literal notranslate"><span class="pre">username</span></code> with <code class="docutils literal notranslate"><span class="pre">password</span></code> by calling
<a class="reference internal" href="#django.contrib.auth.models.User.check_password" title="django.contrib.auth.models.User.check_password"><code class="xref py py-meth docutils literal notranslate"><span class="pre">User.check_password</span></code></a>. If no <code class="docutils literal notranslate"><span class="pre">username</span></code>
is provided, it tries to fetch a username from <code class="docutils literal notranslate"><span class="pre">kwargs</span></code> using the
key <a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.CustomUser.USERNAME_FIELD" title="django.contrib.auth.models.CustomUser.USERNAME_FIELD"><code class="xref py py-attr docutils literal notranslate"><span class="pre">CustomUser.USERNAME_FIELD</span></code></a>. Returns an
authenticated user or <code class="docutils literal notranslate"><span class="pre">None</span></code>.</p>
<p><code class="docutils literal notranslate"><span class="pre">request</span></code> is an <a class="reference internal" href="../request-response.html#django.http.HttpRequest" title="django.http.HttpRequest"><code class="xref py py-class docutils literal notranslate"><span class="pre">HttpRequest</span></code></a> and may be <code class="docutils literal notranslate"><span class="pre">None</span></code>
if it wasn’t provided to <a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><code class="xref py py-func docutils literal notranslate"><span class="pre">authenticate()</span></code></a>
(which passes it on to the backend).</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.backends.ModelBackend.get_user_permissions">
<code class="descname">get_user_permissions</code>(<em>user_obj</em>, <em>obj=None</em>)<a class="headerlink" href="#django.contrib.auth.backends.ModelBackend.get_user_permissions" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns the set of permission strings the <code class="docutils literal notranslate"><span class="pre">user_obj</span></code> has from their
own user permissions. Returns an empty set if
<a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.AbstractBaseUser.is_anonymous" title="django.contrib.auth.models.AbstractBaseUser.is_anonymous"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_anonymous</span></code></a> or
<a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.CustomUser.is_active" title="django.contrib.auth.models.CustomUser.is_active"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_active</span></code></a> is <code class="docutils literal notranslate"><span class="pre">False</span></code>.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.backends.ModelBackend.get_group_permissions">
<code class="descname">get_group_permissions</code>(<em>user_obj</em>, <em>obj=None</em>)<a class="headerlink" href="#django.contrib.auth.backends.ModelBackend.get_group_permissions" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns the set of permission strings the <code class="docutils literal notranslate"><span class="pre">user_obj</span></code> has from the
permissions of the groups they belong. Returns an empty set if
<a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.AbstractBaseUser.is_anonymous" title="django.contrib.auth.models.AbstractBaseUser.is_anonymous"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_anonymous</span></code></a> or
<a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.CustomUser.is_active" title="django.contrib.auth.models.CustomUser.is_active"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_active</span></code></a>  is <code class="docutils literal notranslate"><span class="pre">False</span></code>.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.backends.ModelBackend.get_all_permissions">
<code class="descname">get_all_permissions</code>(<em>user_obj</em>, <em>obj=None</em>)<a class="headerlink" href="#django.contrib.auth.backends.ModelBackend.get_all_permissions" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns the set of permission strings the <code class="docutils literal notranslate"><span class="pre">user_obj</span></code> has, including both
user permissions and group permissions. Returns an empty set if
<a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.AbstractBaseUser.is_anonymous" title="django.contrib.auth.models.AbstractBaseUser.is_anonymous"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_anonymous</span></code></a> or
<a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.CustomUser.is_active" title="django.contrib.auth.models.CustomUser.is_active"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_active</span></code></a> is <code class="docutils literal notranslate"><span class="pre">False</span></code>.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.backends.ModelBackend.has_perm">
<code class="descname">has_perm</code>(<em>user_obj</em>, <em>perm</em>, <em>obj=None</em>)<a class="headerlink" href="#django.contrib.auth.backends.ModelBackend.has_perm" title="Permalink to this definition">¶</a></dt>
<dd><p>Uses <a class="reference internal" href="#django.contrib.auth.backends.ModelBackend.get_all_permissions" title="django.contrib.auth.backends.ModelBackend.get_all_permissions"><code class="xref py py-meth docutils literal notranslate"><span class="pre">get_all_permissions()</span></code></a> to check if <code class="docutils literal notranslate"><span class="pre">user_obj</span></code> has the
permission string <code class="docutils literal notranslate"><span class="pre">perm</span></code>. Returns <code class="docutils literal notranslate"><span class="pre">False</span></code> if the user is not
<a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.CustomUser.is_active" title="django.contrib.auth.models.CustomUser.is_active"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_active</span></code></a>.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.backends.ModelBackend.has_module_perms">
<code class="descname">has_module_perms</code>(<em>user_obj</em>, <em>app_label</em>)<a class="headerlink" href="#django.contrib.auth.backends.ModelBackend.has_module_perms" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns whether the <code class="docutils literal notranslate"><span class="pre">user_obj</span></code> has any permissions on the app
<code class="docutils literal notranslate"><span class="pre">app_label</span></code>.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.backends.ModelBackend.user_can_authenticate">
<code class="descname">user_can_authenticate</code>()<a class="headerlink" href="#django.contrib.auth.backends.ModelBackend.user_can_authenticate" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns whether the user is allowed to authenticate. To match the
behavior of <a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.forms.AuthenticationForm" title="django.contrib.auth.forms.AuthenticationForm"><code class="xref py py-class docutils literal notranslate"><span class="pre">AuthenticationForm</span></code></a>
which <a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.forms.AuthenticationForm.confirm_login_allowed" title="django.contrib.auth.forms.AuthenticationForm.confirm_login_allowed"><code class="xref py py-meth docutils literal notranslate"><span class="pre">prohibits</span> <span class="pre">inactive</span> <span class="pre">users</span> <span class="pre">from</span> <span class="pre">logging</span> <span class="pre">in</span></code></a>,
this method returns <code class="docutils literal notranslate"><span class="pre">False</span></code> for users with <a class="reference internal" href="#django.contrib.auth.models.User.is_active" title="django.contrib.auth.models.User.is_active"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_active=False</span></code></a>. Custom user models that
don’t have an <a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.CustomUser.is_active" title="django.contrib.auth.models.CustomUser.is_active"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_active</span></code></a>
field are allowed.</p>
</dd></dl>

</dd></dl>

<dl class="class">
<dt id="django.contrib.auth.backends.AllowAllUsersModelBackend">
<em class="property">class </em><code class="descname">AllowAllUsersModelBackend</code><a class="headerlink" href="#django.contrib.auth.backends.AllowAllUsersModelBackend" title="Permalink to this definition">¶</a></dt>
<dd><p>Same as <a class="reference internal" href="#django.contrib.auth.backends.ModelBackend" title="django.contrib.auth.backends.ModelBackend"><code class="xref py py-class docutils literal notranslate"><span class="pre">ModelBackend</span></code></a> except that it doesn’t reject inactive users
because <a class="reference internal" href="#django.contrib.auth.backends.ModelBackend.user_can_authenticate" title="django.contrib.auth.backends.ModelBackend.user_can_authenticate"><code class="xref py py-meth docutils literal notranslate"><span class="pre">user_can_authenticate()</span></code></a> always returns <code class="docutils literal notranslate"><span class="pre">True</span></code>.</p>
<p>When using this backend, you’ll likely want to customize the
<a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.forms.AuthenticationForm" title="django.contrib.auth.forms.AuthenticationForm"><code class="xref py py-class docutils literal notranslate"><span class="pre">AuthenticationForm</span></code></a> used by the
<a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.views.LoginView" title="django.contrib.auth.views.LoginView"><code class="xref py py-class docutils literal notranslate"><span class="pre">LoginView</span></code></a> by overriding the
<a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.forms.AuthenticationForm.confirm_login_allowed" title="django.contrib.auth.forms.AuthenticationForm.confirm_login_allowed"><code class="xref py py-meth docutils literal notranslate"><span class="pre">confirm_login_allowed()</span></code></a>
method as it rejects inactive users.</p>
</dd></dl>

<dl class="class">
<dt id="django.contrib.auth.backends.RemoteUserBackend">
<em class="property">class </em><code class="descname">RemoteUserBackend</code><a class="headerlink" href="#django.contrib.auth.backends.RemoteUserBackend" title="Permalink to this definition">¶</a></dt>
<dd><p>Use this backend to take advantage of external-to-Django-handled
authentication.  It authenticates using usernames passed in
<a class="reference internal" href="../request-response.html#django.http.HttpRequest.META" title="django.http.HttpRequest.META"><code class="xref py py-attr docutils literal notranslate"><span class="pre">request.META['REMOTE_USER']</span></code></a>.  See
the <a class="reference internal" href="../../howto/auth-remote-user.html"><span class="doc">Authenticating against REMOTE_USER</span></a>
documentation.</p>
<p>If you need more control, you can create your own authentication backend
that inherits from this class and override these attributes or methods:</p>
<dl class="attribute">
<dt id="django.contrib.auth.backends.RemoteUserBackend.create_unknown_user">
<code class="descname">create_unknown_user</code><a class="headerlink" href="#django.contrib.auth.backends.RemoteUserBackend.create_unknown_user" title="Permalink to this definition">¶</a></dt>
<dd><p><code class="docutils literal notranslate"><span class="pre">True</span></code> or <code class="docutils literal notranslate"><span class="pre">False</span></code>. Determines whether or not a user object is
created if not already in the database  Defaults to <code class="docutils literal notranslate"><span class="pre">True</span></code>.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.backends.RemoteUserBackend.authenticate">
<code class="descname">authenticate</code>(<em>request</em>, <em>remote_user</em>)<a class="headerlink" href="#django.contrib.auth.backends.RemoteUserBackend.authenticate" title="Permalink to this definition">¶</a></dt>
<dd><p>The username passed as <code class="docutils literal notranslate"><span class="pre">remote_user</span></code> is considered trusted. This
method simply returns the user object with the given username, creating
a new user object if <a class="reference internal" href="#django.contrib.auth.backends.RemoteUserBackend.create_unknown_user" title="django.contrib.auth.backends.RemoteUserBackend.create_unknown_user"><code class="xref py py-attr docutils literal notranslate"><span class="pre">create_unknown_user</span></code></a> is
<code class="docutils literal notranslate"><span class="pre">True</span></code>.</p>
<p>Returns <code class="docutils literal notranslate"><span class="pre">None</span></code> if <a class="reference internal" href="#django.contrib.auth.backends.RemoteUserBackend.create_unknown_user" title="django.contrib.auth.backends.RemoteUserBackend.create_unknown_user"><code class="xref py py-attr docutils literal notranslate"><span class="pre">create_unknown_user</span></code></a> is
<code class="docutils literal notranslate"><span class="pre">False</span></code> and a <code class="docutils literal notranslate"><span class="pre">User</span></code> object with the given username is not found in
the database.</p>
<p><code class="docutils literal notranslate"><span class="pre">request</span></code> is an <a class="reference internal" href="../request-response.html#django.http.HttpRequest" title="django.http.HttpRequest"><code class="xref py py-class docutils literal notranslate"><span class="pre">HttpRequest</span></code></a> and may be <code class="docutils literal notranslate"><span class="pre">None</span></code>
if it wasn’t provided to <a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><code class="xref py py-func docutils literal notranslate"><span class="pre">authenticate()</span></code></a>
(which passes it on to the backend).</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.backends.RemoteUserBackend.clean_username">
<code class="descname">clean_username</code>(<em>username</em>)<a class="headerlink" href="#django.contrib.auth.backends.RemoteUserBackend.clean_username" title="Permalink to this definition">¶</a></dt>
<dd><p>Performs any cleaning on the <code class="docutils literal notranslate"><span class="pre">username</span></code> (e.g. stripping LDAP DN
information) prior to using it to get or create a user object. Returns
the cleaned username.</p>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.backends.RemoteUserBackend.configure_user">
<code class="descname">configure_user</code>(<em>request</em>, <em>user</em>)<a class="headerlink" href="#django.contrib.auth.backends.RemoteUserBackend.configure_user" title="Permalink to this definition">¶</a></dt>
<dd><p>Configures a newly created user.  This method is called immediately
after a new user is created, and can be used to perform custom setup
actions, such as setting the user’s groups based on attributes in an
LDAP directory. Returns the user object.</p>
<p><code class="docutils literal notranslate"><span class="pre">request</span></code> is an <a class="reference internal" href="../request-response.html#django.http.HttpRequest" title="django.http.HttpRequest"><code class="xref py py-class docutils literal notranslate"><span class="pre">HttpRequest</span></code></a> and may be <code class="docutils literal notranslate"><span class="pre">None</span></code>
if it wasn’t provided to <a class="reference internal" href="../../topics/auth/default.html#django.contrib.auth.authenticate" title="django.contrib.auth.authenticate"><code class="xref py py-func docutils literal notranslate"><span class="pre">authenticate()</span></code></a>
(which passes it on to the backend).</p>
<div class="versionchanged">
<span class="title">Changed in Django 2.2:</span> <p>The <code class="docutils literal notranslate"><span class="pre">request</span></code> argument was added. Support for method overrides
that don’t accept it will be removed in Django 3.1.</p>
</div>
</dd></dl>

<dl class="method">
<dt id="django.contrib.auth.backends.RemoteUserBackend.user_can_authenticate">
<code class="descname">user_can_authenticate</code>()<a class="headerlink" href="#django.contrib.auth.backends.RemoteUserBackend.user_can_authenticate" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns whether the user is allowed to authenticate. This method
returns <code class="docutils literal notranslate"><span class="pre">False</span></code> for users with <a class="reference internal" href="#django.contrib.auth.models.User.is_active" title="django.contrib.auth.models.User.is_active"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_active=False</span></code></a>. Custom user models that
don’t have an <a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.CustomUser.is_active" title="django.contrib.auth.models.CustomUser.is_active"><code class="xref py py-attr docutils literal notranslate"><span class="pre">is_active</span></code></a>
field are allowed.</p>
</dd></dl>

</dd></dl>

<dl class="class">
<dt id="django.contrib.auth.backends.AllowAllUsersRemoteUserBackend">
<em class="property">class </em><code class="descname">AllowAllUsersRemoteUserBackend</code><a class="headerlink" href="#django.contrib.auth.backends.AllowAllUsersRemoteUserBackend" title="Permalink to this definition">¶</a></dt>
<dd><p>Same as <a class="reference internal" href="#django.contrib.auth.backends.RemoteUserBackend" title="django.contrib.auth.backends.RemoteUserBackend"><code class="xref py py-class docutils literal notranslate"><span class="pre">RemoteUserBackend</span></code></a> except that it doesn’t reject inactive
users because <a class="reference internal" href="#django.contrib.auth.backends.RemoteUserBackend.user_can_authenticate" title="django.contrib.auth.backends.RemoteUserBackend.user_can_authenticate"><code class="xref py py-attr docutils literal notranslate"><span class="pre">user_can_authenticate</span></code></a> always
returns <code class="docutils literal notranslate"><span class="pre">True</span></code>.</p>
</dd></dl>

</div>
</div>
<div class="section" id="s-utility-functions">
<span id="utility-functions"></span><h2>Utility functions<a class="headerlink" href="#utility-functions" title="Permalink to this headline">¶</a></h2>
<dl class="function">
<dt id="django.contrib.auth.get_user">
<code class="descname">get_user</code>(<em>request</em>)<a class="reference internal" href="../../_modules/django/contrib/auth.html#get_user"><span class="viewcode-link">[source]</span></a><a class="headerlink" href="#django.contrib.auth.get_user" title="Permalink to this definition">¶</a></dt>
<dd><p>Returns the user model instance associated with the given <code class="docutils literal notranslate"><span class="pre">request</span></code>’s
session.</p>
<p>It checks if the authentication backend stored in the session is present in
<a class="reference internal" href="../settings.html#std:setting-AUTHENTICATION_BACKENDS"><code class="xref std std-setting docutils literal notranslate"><span class="pre">AUTHENTICATION_BACKENDS</span></code></a>. If so, it uses the backend’s
<code class="docutils literal notranslate"><span class="pre">get_user()</span></code> method to retrieve the user model instance and then verifies
the session by calling the user model’s
<a class="reference internal" href="../../topics/auth/customizing.html#django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash" title="django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash"><code class="xref py py-meth docutils literal notranslate"><span class="pre">get_session_auth_hash()</span></code></a>
method.</p>
<p>Returns an instance of <a class="reference internal" href="#django.contrib.auth.models.AnonymousUser" title="django.contrib.auth.models.AnonymousUser"><code class="xref py py-class docutils literal notranslate"><span class="pre">AnonymousUser</span></code></a>
if the authentication backend stored in the session is no longer in
<a class="reference internal" href="../settings.html#std:setting-AUTHENTICATION_BACKENDS"><code class="xref std std-setting docutils literal notranslate"><span class="pre">AUTHENTICATION_BACKENDS</span></code></a>, if a user isn’t returned by the
backend’s <code class="docutils literal notranslate"><span class="pre">get_user()</span></code> method, or if the session auth hash doesn’t
validate.</p>
</dd></dl>

</div>
</div>


          </div>
        </div>
      </div>
      
        
          <div class="yui-b" id="sidebar">
            
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
  <h3><a href="../../contents.html">Table of Contents</a></h3>
  <ul>
<li><a class="reference internal" href="#"><code class="docutils literal notranslate"><span class="pre">django.contrib.auth</span></code></a><ul>
<li><a class="reference internal" href="#user-model"><code class="docutils literal notranslate"><span class="pre">User</span></code> model</a><ul>
<li><a class="reference internal" href="#fields">Fields</a></li>
<li><a class="reference internal" href="#attributes">Attributes</a></li>
<li><a class="reference internal" href="#methods">Methods</a></li>
<li><a class="reference internal" href="#manager-methods">Manager methods</a></li>
</ul>
</li>
<li><a class="reference internal" href="#anonymoususer-object"><code class="docutils literal notranslate"><span class="pre">AnonymousUser</span></code> object</a></li>
<li><a class="reference internal" href="#permission-model"><code class="docutils literal notranslate"><span class="pre">Permission</span></code> model</a><ul>
<li><a class="reference internal" href="#id1">Fields</a></li>
<li><a class="reference internal" href="#id2">Methods</a></li>
</ul>
</li>
<li><a class="reference internal" href="#group-model"><code class="docutils literal notranslate"><span class="pre">Group</span></code> model</a><ul>
<li><a class="reference internal" href="#id3">Fields</a></li>
</ul>
</li>
<li><a class="reference internal" href="#validators">Validators</a></li>
<li><a class="reference internal" href="#module-django.contrib.auth.signals">Login and logout signals</a></li>
<li><a class="reference internal" href="#module-django.contrib.auth.backends">Authentication backends</a><ul>
<li><a class="reference internal" href="#available-authentication-backends">Available authentication backends</a></li>
</ul>
</li>
<li><a class="reference internal" href="#utility-functions">Utility functions</a></li>
</ul>
</li>
</ul>

  <h4>Previous topic</h4>
  <p class="topless"><a href="admin/javascript.html"
                        title="previous chapter">JavaScript customizations in the admin</a></p>
  <h4>Next topic</h4>
  <p class="topless"><a href="contenttypes.html"
                        title="next chapter">The contenttypes framework</a></p>
  <div role="note" aria-label="source link">
    <h3>This Page</h3>
    <ul class="this-page-menu">
      <li><a href="../../_sources/ref/contrib/auth.txt"
            rel="nofollow">Show Source</a></li>
    </ul>
   </div>
<div id="searchbox" style="display: none" role="search">
  <h3>Quick search</h3>
    <div class="searchformwrapper">
    <form class="search" action="../../search.html" method="get">
      <input type="text" name="q" />
      <input type="submit" value="Go" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
    </div>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
              <h3>Last update:</h3>
              <p class="topless">Mar 04, 2020</p>
          </div>
        
      
    </div>

    <div id="ft">
      <div class="nav">
    &laquo; <a href="admin/javascript.html" title="JavaScript customizations in the admin">previous</a>
     |
    <a href="../index.html" title="API Reference" accesskey="U">up</a>
   |
    <a href="contenttypes.html" title="The contenttypes framework">next</a> &raquo;</div>
    </div>
  </div>

      <div class="clearer"></div>
    </div>
  </body>
</html>